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2. (cancel) The security system of claim 1, wherein said security context contains 
support for Java authentication and authorization service based pluggable authentication. 



3. (cancel) The security system of claim 1, wherein said security context contains a 
subject instance. 

4. (cancel) The security system of claim 1, wherein said security context contains 
principals and credentials of said subject. 

5. (cancel) The security system of claim 4, fixrther comprising a generic credential 
interface. 

6. (cancel) The security system of claim 4, further comprising a security principal 
interface. 



Please add the following new claims: 



7. (new) A security system for a computer system having a server and a client, 
wherein said server utilizes a resource adapter to interface with an enterprise information system, 
wherein said security system includes a security context, said security context propagated from 
said server to said resource adapter. 

8. (new) The security system of Claim 7, wherein said security context contains a 
subject instance. 

9. (new) The security system of Claim 8, further including principals and 
credentials, said principals and credentials associated with said subject instance. 
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10. (new) The security system of Claim 9, further comprising a generic credential 
interface. 

1 1 . (new) The security system of Claim 9, further comprising a security principal 
interface. 

12. (new) A data structure specifying a security contract for use in a computer system 
having a client, a server, and a resource adapter, the security contract specifying a relationship 
between software entities in said computer system, the security contract comprising: 

a subject class; 

a generic credential interface; 

a password credential interface; and 

a Java security principal interface. 

13. (new) A method of providing security in a computer system having a client, an 
application server, an application component, a resource adapter and a principal mapping 
module, and a subject instance having the method comprising the steps of: 

the application component invokes a connection request method on the resource adapter 
without passing in any security argimients; 

the resource adapter passes the connection request to the application server; 

the application server is configured to use the principal mapping module; 

the principal mapping module takes the subject instance with the caller principal and 
returns the subject instance with a valid resource principal and password credential instance to 
the application server; and 

the application server establishes a managed connection between the application server 
and the enterprise information system using the valid resource principal and password credential 
instance. 
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14. (new) A computer system for comiecting a client process with an enterprise 
information system, the computer system comprising: 

an application server, said appUcation server including a connection manager, a security 
manager, and a security configuration; 

a resource adapter, said resource adapter having a connection factory and a managed 
connection factory; 

an appUcation component, said application component in communication with said 
connection factory to pass information to said connection manager; 

a Java authentication and authorization service module, said service module in 
communication with said security service manager, said service module containing a submodule; 

an enterprise information system, said enterprise information system in communication 
with said managed connection factory and said service module. 
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